Количество 2
Количество 2
CVE-2026-22870
GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, GuardDog's safe_extract() function does not validate decompressed file sizes when extracting ZIP archives (wheels, eggs), allowing attackers to cause denial of service through zip bombs. A malicious package can consume gigabytes of disk space from a few megabytes of compressed data. This vulnerability is fixed in 2.7.1.
GHSA-ffj4-jq7m-9g6v
GuardDog Zip Bomb Vulnerability in safe_extract() Allows DoS
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2026-22870 GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, GuardDog's safe_extract() function does not validate decompressed file sizes when extracting ZIP archives (wheels, eggs), allowing attackers to cause denial of service through zip bombs. A malicious package can consume gigabytes of disk space from a few megabytes of compressed data. This vulnerability is fixed in 2.7.1. | CVSS3: 7.5 | 0% Низкий | 26 дней назад |
| GHSA-ffj4-jq7m-9g6v GuardDog Zip Bomb Vulnerability in safe_extract() Allows DoS | 0% Низкий | 26 дней назад |
Уязвимостей на страницу